More Royal Bank of Canada Spam
Posted by Dave Yadallee on
From - Sat May 25 07:47:03 2013
X-Account-Key: account1
X-UIDL: 00001acb4f5d9180
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from localhost by doctor.nl2k.ab.ca
with SpamAssassin (version 3.3.2);
Wed, 22 May 2013 05:39:02 -0600
From: RBC Royal Bank
To: doctor@gallifrey.nk.ca
Subject: [Norton AntiSpam]*SPAM* {Spam?} Online Banking: Your account has been limited!
Date: 22 May 2013 12:48:59 +0200
Message-Id: <20130522124859.41F0E947AE640A67@service.com>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca
X-Spam-Flag: YES
X-Spam-Level: ***************
X-Spam-Status: Yes, score=16.0 required=5.0 tests=RCVD_IN_JMF_BR,RCVD_IN_PSBL,
RCVD_IN_UCE_PFSM_1,SPF_FAIL autolearn=unavailable version=3.3.2
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_519CAE56.AC2A3DB7"
X-Antivirus: AVG for E-mail 10.0.1432 [3184/5854]
X-AVG-ID: ID7C660474-6A5B4E6B
X-Brightmail-Tracker: AAAABhlaoTYdxOgKHcToAR3FBkEdxPnuHcUC9A==
This is a multi-part message in MIME format.
------------=_519CAE56.AC2A3DB7
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: RBC Royal Bank / Message Center: 1 New Alert Message! 1 New
Alert Message! Customer Service: Your account has been limited! Click to
Resolve Thank you for using Royal Bank of Canada. -- This message has been
scanned for viruses and dangerous content by MailScanner, and is believed
to be clean. [...]
Content analysis details: (16.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.0 RCVD_IN_UCE_PFSM_1 RBL: Received via a relay in UCE_PFSM_1
[82.177.154.4 listed in dnsbl-1.uceprotect.net]
11 RCVD_IN_JMF_BR RBL: Sender listed in JMF-BROWN
[213.21.154.202 listed in hostkarma.junkemailfilter.com]
2.0 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[82.177.154.4 listed in psbl.surriel.com]
1.0 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=custom%40service.com;ip=213.21.154.202;r=doctor.nl2k.ab.ca]
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_519CAE56.AC2A3DB7
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Return-Path:
X-Original-To: dave@nk.ca
Delivered-To: dave@nk.ca
Received: from gallifrey.nk.ca (gallifrey.nk.ca [204.209.81.3])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by doctor.nl2k.ab.ca (Postfix) with ESMTPS id 29FB112CFB17
for; Wed, 22 May 2013 05:38:55 -0600 (MDT)
Received: from root by gallifrey.nk.ca with local (Exim 4.80.1)
(envelope-from)
id 1Uf7N9-0004OM-Lq
for dave@nk.ca; Wed, 22 May 2013 05:38:23 -0600
Resent-From: "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem"
Resent-Date: Wed, 22 May 2013 05:38:23 -0600
Resent-Message-ID: <20130522113823.GA16305@gallifrey.nk.ca>
Resent-To: dave@nk.ca
Received: from errea-mx1.niscent.net ([213.21.154.202])
by gallifrey.nk.ca with esmtp (Exim 4.80.1)
(envelope-from)
id 1Uf6bM-0003fp-A0
for doctor@gallifrey.nk.ca; Wed, 22 May 2013 04:49:07 -0600
Received: from lapostina.errea.it (lapostina.errea.it [81.113.46.131])
by errea-mx1.niscent.net (Postfix) with ESMTP id 46B5B28DC0
for; Wed, 22 May 2013 12:48:58 +0200 (CEST)
Received: from service.com ([82.177.154.4]) by lapostina.errea.it with Microsoft SMTPSVC(6.0.3790.4675);
Wed, 22 May 2013 12:48:53 +0200
From: RBC Royal Bank
To: doctor@gallifrey.nk.ca
Subject: {Spam?} Online Banking: Your account has been limited!
Date: 22 May 2013 12:48:59 +0200
Message-ID: <20130522124859.41F0E947AE640A67@service.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-OriginalArrivalTime: 22 May 2013 10:48:53.0432 (UTC) FILETIME=[F38D0380:01CE56D9]
X-NetKnow-OutGoing-4-84-5-3-MailScanner: Found to be clean, Found to be clean
X-NetKnow-OutGoing-4-84-5-3-MailScanner-SpamCheck: spam,
SpamAssassin (not cached, score=6.293, required 1, BAYES_99 3.50,
HTML_IMAGE_ONLY_12 2.06, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.72,
T_REMOTE_IMAGE 0.01)
X-NetKnow-OutGoing-4-84-5-3-MailScanner-SpamScore: ssssss
X-Spam-Status: Yes, No
X-NetKnow-OutGoing-4-84-5-3-MailScanner-Information: Please contact the ISP for more information
X-NetKnow-OutGoing-4-84-5-3-MailScanner-ID: 1Uf7N9-0004OM-Lq
X-NetKnow-OutGoing-4-84-5-3-MailScanner-IP-Protocol: IPv4
X-NetKnow-OutGoing-4-84-5-3-MailScanner-From: root@gallifrey.nk.ca
X-NetKnow-OutGoing-4-84-5-3-MailScanner-Watermark: 1369654704.32354@ivnWx2hlUM3Pg2vlPErDzA
X-Virus-Scanned: clamav-milter 0.97.8-exp-debug at doctor.nl2k.ab.ca
X-Virus-Status: Clean
RBC Royal Bank / Message Center: 1 New Alert Message!
![](3D"http://www.rbcroyalbank.com/uos/_assets/images/logos/web/rbc_ro=<br)
yalbank_en.gif">
![](3D"https://www1.royalbank.com/uos/common/images/icon_information_g=<br)
old.gif"> 1 New Alert Message!
=20
ng=3D"0" width=3D"100%">
cellpadding=3D"3" cellspacing=3D"0" width=3D"100%">
Customer Service: Your account has b=
een limited!
oye.dk/wp-content/plugins/sslrbc/www1.royal.com/cgi-bin/rbaccess/index.php"=
>Click to Resolve
=20
Thank you for using Royal Bank of Canada.
--=20
This message has been scanned for viruses and
dangerous content by
MailScanner, and is
believed to be clean.
X-Account-Key: account1
X-UIDL: 00001acb4f5d9180
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from localhost by doctor.nl2k.ab.ca
with SpamAssassin (version 3.3.2);
Wed, 22 May 2013 05:39:02 -0600
From: RBC Royal Bank
To: doctor@gallifrey.nk.ca
Subject: [Norton AntiSpam]*SPAM* {Spam?} Online Banking: Your account has been limited!
Date: 22 May 2013 12:48:59 +0200
Message-Id: <20130522124859.41F0E947AE640A67@service.com>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca
X-Spam-Flag: YES
X-Spam-Level: ***************
X-Spam-Status: Yes, score=16.0 required=5.0 tests=RCVD_IN_JMF_BR,RCVD_IN_PSBL,
RCVD_IN_UCE_PFSM_1,SPF_FAIL autolearn=unavailable version=3.3.2
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_519CAE56.AC2A3DB7"
X-Antivirus: AVG for E-mail 10.0.1432 [3184/5854]
X-AVG-ID: ID7C660474-6A5B4E6B
X-Brightmail-Tracker: AAAABhlaoTYdxOgKHcToAR3FBkEdxPnuHcUC9A==
This is a multi-part message in MIME format.
------------=_519CAE56.AC2A3DB7
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: RBC Royal Bank / Message Center: 1 New Alert Message! 1 New
Alert Message! Customer Service: Your account has been limited! Click to
Resolve Thank you for using Royal Bank of Canada. -- This message has been
scanned for viruses and dangerous content by MailScanner, and is believed
to be clean. [...]
Content analysis details: (16.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.0 RCVD_IN_UCE_PFSM_1 RBL: Received via a relay in UCE_PFSM_1
[82.177.154.4 listed in dnsbl-1.uceprotect.net]
11 RCVD_IN_JMF_BR RBL: Sender listed in JMF-BROWN
[213.21.154.202 listed in hostkarma.junkemailfilter.com]
2.0 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[82.177.154.4 listed in psbl.surriel.com]
1.0 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=custom%40service.com;ip=213.21.154.202;r=doctor.nl2k.ab.ca]
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_519CAE56.AC2A3DB7
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Return-Path:
X-Original-To: dave@nk.ca
Delivered-To: dave@nk.ca
Received: from gallifrey.nk.ca (gallifrey.nk.ca [204.209.81.3])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by doctor.nl2k.ab.ca (Postfix) with ESMTPS id 29FB112CFB17
for
Received: from root by gallifrey.nk.ca with local (Exim 4.80.1)
(envelope-from
id 1Uf7N9-0004OM-Lq
for dave@nk.ca; Wed, 22 May 2013 05:38:23 -0600
Resent-From: "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem"
Resent-Date: Wed, 22 May 2013 05:38:23 -0600
Resent-Message-ID: <20130522113823.GA16305@gallifrey.nk.ca>
Resent-To: dave@nk.ca
Received: from errea-mx1.niscent.net ([213.21.154.202])
by gallifrey.nk.ca with esmtp (Exim 4.80.1)
(envelope-from
id 1Uf6bM-0003fp-A0
for doctor@gallifrey.nk.ca; Wed, 22 May 2013 04:49:07 -0600
Received: from lapostina.errea.it (lapostina.errea.it [81.113.46.131])
by errea-mx1.niscent.net (Postfix) with ESMTP id 46B5B28DC0
for
Received: from service.com ([82.177.154.4]) by lapostina.errea.it with Microsoft SMTPSVC(6.0.3790.4675);
Wed, 22 May 2013 12:48:53 +0200
From: RBC Royal Bank
To: doctor@gallifrey.nk.ca
Subject: {Spam?} Online Banking: Your account has been limited!
Date: 22 May 2013 12:48:59 +0200
Message-ID: <20130522124859.41F0E947AE640A67@service.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-OriginalArrivalTime: 22 May 2013 10:48:53.0432 (UTC) FILETIME=[F38D0380:01CE56D9]
X-NetKnow-OutGoing-4-84-5-3-MailScanner: Found to be clean, Found to be clean
X-NetKnow-OutGoing-4-84-5-3-MailScanner-SpamCheck: spam,
SpamAssassin (not cached, score=6.293, required 1, BAYES_99 3.50,
HTML_IMAGE_ONLY_12 2.06, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.72,
T_REMOTE_IMAGE 0.01)
X-NetKnow-OutGoing-4-84-5-3-MailScanner-SpamScore: ssssss
X-Spam-Status: Yes, No
X-NetKnow-OutGoing-4-84-5-3-MailScanner-Information: Please contact the ISP for more information
X-NetKnow-OutGoing-4-84-5-3-MailScanner-ID: 1Uf7N9-0004OM-Lq
X-NetKnow-OutGoing-4-84-5-3-MailScanner-IP-Protocol: IPv4
X-NetKnow-OutGoing-4-84-5-3-MailScanner-From: root@gallifrey.nk.ca
X-NetKnow-OutGoing-4-84-5-3-MailScanner-Watermark: 1369654704.32354@ivnWx2hlUM3Pg2vlPErDzA
X-Virus-Scanned: clamav-milter 0.97.8-exp-debug at doctor.nl2k.ab.ca
X-Virus-Status: Clean
yalbank_en.gif">
old.gif"> 1 New Alert Message!
=20
ng=3D"0" width=3D"100%">
cellpadding=3D"3" cellspacing=3D"0" width=3D"100%">
Customer Service: Your account has b=
een limited!
oye.dk/wp-content/plugins/sslrbc/www1.royal.com/cgi-bin/rbaccess/index.php"=
>Click to Resolve
=20
Thank you for using Royal Bank of Canada.
--=20
This message has been scanned for viruses and
dangerous content by
MailScanner, and is
believed to be clean.
--=20
This message has been scanned for viruses and
dangerous content by
MailScanner, and is
believed to be clean.